Executive Summary
Summary | |
---|---|
Title | Multiple Vulnerabilities in Cisco Firewall Services Module Software |
Information | |||
---|---|---|---|
Name | cisco-sa-20131009-fwsm | First vendor Publication | 2013-10-09 |
Vendor | Cisco | Last vendor Modification | 2013-10-09 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.1 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Cisco Firewall Services Module (FWSM) Software for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers is affected by the following vulnerabilities:

- Cisco FWSM Command Authorization Vulnerability
- SQL*Net Inspection Engine Denial of Service Vulnerability

These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the other.

Successful exploitation of the Cisco FWSM Command Authorization Vulnerability may result in a complete compromise of the confidentiality, integrity and availability of the affected system.

Successful exploitation of the SQL*Net Inspection Engine Denial of Service Vulnerability may result in a reload of an affected device, leading to a denial of service (DoS) condition.

Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-fwsm

Note: The Cisco Adaptive Security Appliance (ASA) may be affected by the SQL*Net Inspection Engine Denial of Service Vulnerability. A separate Cisco Security Advisory has been published to disclose the vulnerabilities that affect the Cisco ASA. That advisory is available at: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-264 | Permissions, Privileges, and Access Controls |
50 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2013-10-17 | IAVM : 2013-A-0192 - Multiple Vulnerabilities in Cisco ASA Severity : Category I - VMSKEY : V0040780 |
2013-10-17 | IAVM : 2013-A-0193 - Multiple Vulnerabilities in Cisco Firewall Services Module (FWSM) Severity : Category I - VMSKEY : V0040790 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-11-16 | Cisco ASA SQLNet inspection engine denial of service attempt RuleID : 31667 - Revision : 3 - Type : SERVER-OTHER |
2014-11-16 | Cisco ASA SQLNet inspection engine denial of service attempt RuleID : 31666 - Revision : 3 - Type : SERVER-OTHER |
2014-11-16 | Cisco ASA SQLNet inspection engine denial of service attempt RuleID : 31665 - Revision : 3 - Type : SERVER-OTHER |
2014-11-16 | Cisco ASA SQLNet inspection engine denial of service attempt RuleID : 31664 - Revision : 3 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-10-18 | Name : The remote device is missing a vendor-supplied security update. File : cisco-sa-20131009-fwsm.nasl - Type : ACT_GATHER_INFO |
2013-10-17 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20131009-asa.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 10:22:12 | |
2013-11-11 12:37:34 | |
2013-10-15 21:26:01 | |
2013-10-09 21:19:51 | |